22 matches found
EUVD-2017-10368
Malware in sbrugna...
No Fuss Computing Centurion ERP Security Vulnerability
No Fuss Computing Centurion ERP is open source enterprise resource planning (ERP) software from No Fuss Computing. A security vulnerability exists in No Fuss Computing Centurion ERP versions prior to 1.3.1, which originated when an authenticated user with work order viewing privileges could view...
Centreon Security Vulnerability
Centreon is a set of open source system monitoring tools from the French company Centreon. The product provides monitoring capabilities for resources such as networks, systems, and applications. A security vulnerability exists in Centreon that stems from a possible SQL injection when creating wo...
OTRS Security Vulnerabilities
OTRS is service management software from the German company OTRS. A security vulnerability exists in OTRS that stems from improper field filtering, which could allow an authorized user to download work order lists that contain information about other customers' work orde...
Helpy Cross-Site Scripting Vulnerability
Helpy is an open source customer support application. The program includes features such as a knowledge base, community discussions, and email. A security vulnerability exists in Helpy version 2.8.0, which stems from the application not properly validating attachments sent by customers in work...
Zammad Security Vulnerability
Zammad is a suite of ticket management software from the German company Zammad. A security vulnerability exists in Zammad version 5.2.1, which stems from a fine-grained permission model that allows configuring read-only access to work orders; however, agents are still able to incorrectly perform...
Security Bulletin: IBM Maximo Asset Management could allow an authenticated user to change work orders that the user should not have access to change (CVE-2015-7395)
Summary: IBM Maximo Asset Management contains a vulnerability which could allow an authenticated user to change work orders that the user should not have access to change due to improper access control. This vulnerability could allow a local attacker to compromise data integrity. The vulnerability...
Zammad has an unspecified vulnerability (CNVD-2022-22302)
Zammad is a suite of ticket management software from the German company Zammad. A security vulnerability exists in Zammad, which stems from the ability of agents to configure out of office periods and substitutes. If substitutes do not have the same privileges as the original agent, they may...
CVE-2021-41557
Sofico Miles RIA 2020.2 Build 127964T is affected by Stored Cross-Site Scripting (XSS). An attacker with access to a user account of the RIA IT or the Fleet role can create a crafted work order in the damage reports section or change existing work orders. The XSS payload is in the work order number...
Sofico Miles RIA Cross-Site Scripting Vulnerability
Sofico Miles RIA is car rental management software from Sofico Belgium. A security vulnerability exists in Sofico Miles RIA version 2020.2 build 127964T, which allows an attacker to create a malicious work order in the damage report section or change an existing work order using a malicious...
Zammad Cross-Site Scripting Vulnerability
Zammad is a Web-based open source help desk/customer support system. An attacker could upload an attachment to a "work order" via an "article", which could be exploited to inject malicious JavaScript code...
Zammad Improper Access Control Vulnerability
Zammad is a Web-based open source helpdesk/customer support system. An improper access control vulnerability exists in Zammad versions prior to 3.4.1. An attacker could exploit the vulnerability to access work orders...
Zammad Security Vulnerability
Zammad is a Web-based open source helpdesk/customer support system. An improper access control vulnerability exists in Zammad versions prior to 3.4.1. An attacker could exploit the vulnerability to access work orders...
Unauthorized Access Vulnerability in Paradis Fortress Interface
Hangzhou Paradis Network Technology Co., Ltd. is a network security product manufacturer that provides enterprise "human-machine" interactive operation and maintenance platform and enterprise "application" overall delivery solutions. An unauthorized access vulnerability exists in the interface of...
Security Bulletin: IBM Maximo Asset Management could allow an authenticated user to manipulate work orders to forge emails which could be used to conduct further advanced attacks (CVE-2017-1357)
Summary: IBM Maximo Asset Management could allow an authenticated user to manipulate work orders to forge emails which could be used to conduct further advanced attacks. Vulnerability Details: CVEID: CVE-2017-1357. DESCRIPTION: IBM Maximo Asset Management could allow an authenticated user to...
Security Bulletin: IBM Maximo Asset Management could allow an authenticated user to inject commands into work orders that could be executed by another user that downloads the affected file (CVE-2017-1352)
Summary: IBM Maximo Asset Management could allow an authenticated user to inject commands into work orders that could be executed by another user that downloads the affected file. Vulnerability Details: CVEID: CVE-2017-1352. DESCRIPTION: IBM Maximo Asset Management could allow an authenticated user ...
CVE-2017-1352
IBM Maximo Asset Management 7.5 and 7.6 could allow an authenticated user to inject commands into work orders that could be executed by another user that downloads the affected file. IBM X-Force ID: 126538...
Code injection
IBM Maximo Asset Management 7.5 and 7.6 could allow an authenticated user to inject commands into work orders that could be executed by another user that downloads the affected file. IBM X-Force ID: 126538...